<?php
/******************************************************* *   Copyright (C) 2007  http://p3net.net    This program is free software; you can redistribute it and/or modify    it under the terms of the GNU General Public License as published by    the Free Software Foundation; either version 2 of the License, or    (at your option) any later version.    This program is distributed in the hope that it will be useful,    but WITHOUT ANY WARRANTY; without even the implied warranty of    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    GNU General Public License for more details.    You should have received a copy of the GNU General Public License along    with this program; if not, write to the Free Software Foundation, Inc.,    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    
    @id: $Id: profile.php 8 2007-07-27 20:56:25Z p3net.tech $
*********************************************************/
include('globals');
class profile
{
	function register()
	{
		$step = empty($_GET["step"]) ? '1' : $_GET["step"];
		if($step == 1)
		{
			$form =& new template('forms/register.tpl');
		}
		else if($step == 2)
		{
			foreach($_POST as $key => $value)
			{
				$vars[$key] = mysql_real_escape_string($value);
			}
			$_query = "INSERT INTO users (`id`, `display_name`, `password`, `join`, `time_offset` VALUES('', '" . $vars["display_name"] . "', '" .
				md5($vars["password"] . "', '" . time() . "', '" . $vars["offset"] . "')";
			$db->query($_query);
			$message->thank('for registering.', 'to proceed to the login page.', 'profile.php?mode=login');
		}
	}
	function edit()
	{
		/* I'm too lazy to code this so we'll do it later */
	}
	function delete()
	{
		/* Need to work everything else out first */
	}
	function pics()
	{
		if(!($user->logged_in()))
		{
			$error->general("Not logged in", "Pics upload");
		}
		$step = empty($_GET["step"]) ? '1' : $_GET["step"];
		if($step == 1)
		{
			$form =& new template('forms/upload_pic.tpl');
		}
		else
		{
			if($_FILES['pic']['size'] < 1)
			{
				$error->general("No image uploaded", "File size = 0");
			}
			$file_name = $_FILES['pic']['name'];			$tmp_name  = $_FILES['pic']['tmp_name'];			$file_size = $_FILES['pic']['size'];			$file_type = $_FILES['pic']['type'];
			
			list($width, $height) = getimagesize($tmp_name) or $general->error("Could not upload", "Not an image");
			
			$fp = fopen($tmp_name, 'r');			$content = fread($fp, filesize($tmp_name));			$content = addslashes($content);			fclose($fp);
			
			$_query="INSERT INTO `images` VALUES('', '" . $user->data["user_id"] . "', '" . $content . "', '" . $file_type . "', ''" 
			. mysql_real_escape_string(htmlspecialchars($_POST["desc"]))  "', '" . $width . "', '" . $height . ",'" . $file_name . "', '0');";
			$db->query($_query);
			
			$user->action(4, '');
			$message->thank('for uploading an image', 'go back to the previous page', 'javascript:history.go(\'-2\')');
		}
	}
	function login()
	{
		$step = empty($_GET["step"]) ? '1' : $_GET["step"];
		if($step == 1)
		{
			$form =& new template('forms/login.tpl');
		}
		else
		{
			foreach($_POST as $key => $value)
			{
				$var[$key] = mysql_real_escape_string(htmlspecialchars($value));
			}
			$_query = "SELECT `id` FROM `users` WHERE `email` = '" . $var['email'] . "' AND `password` = '" . md5($var['password']) . "'";
			$_query = $db->query($_query);
			$num = mysql_num_rows($_query);
			if($num > 0)
			{
				$id = $db->fetch_array($_query);
				$session->login($id['id']);
				$message->thank('logging in', 'to return to the index', 'index.php');
			}
			else
			{
				$error->general('Incorrect Details', print_r($var));
			}
		}
	}
	function inbox()
	{
		$_query="SELECT `id`, `from`, `date`, `subject`, `read` FROM `private_messages` ORDER BY `id` DESC";
		$_query=$db->query($_query);
		$i=0;
		while($temp=$db->fetch_array($_query))
		{
			$pm[$i] = array(
				'id' => $temp['id'],
				'from' => $session->get_username($temp['from']),
				'date' => $session->generate_timestamp($temp['date']),
				'subject' => $temp['subject'],
				'read' => $temp['read']
			);
			$i++;
		}
		$template =& new template('inbox.tpl');
		$template->set('pm', $pm);
	}
	function message(mysql_real_escape_string($id))
	{
		$_query="SELECT * FROM `private_messages` WHERE `id`='" . $id . "'";
		$_query=$db->query($_query);
		$arr=$db->fetch_array($_query);
		$read =& new template('read.tpl');
		$read->set('from', $session->get_username($arr["from"]));
		$read->set('date', $session->generate_timestamp($arr["date"]));
		$read->set('subject', $arr["subject"]);
		$read->set('message', $arr["message"]);
		if($arr["read"] != '1')
		{
			$_query="UPDATE `private_messages` SET `read`='1' WHERE `id`='" . $id . "'";
			$db->query($_query);
		}
	}
	function send()
	{
		$template =& new template('send.tpl');
	}
	function send_process()
	{
	}
}
$profile =& new profile;
switch $_GET["mode"]
{
	case 'register':
		$profile->register();
		break;
	case 'edit':
		$profile->edit();
		break;
	case 'delete':
		$profile->delete();
		break;
	case 'pics':
		$profile->pics();
		break;
	case 'login':
		$profile->login();
		break;
	case 'inbox':
		$profile->inbox();
		break;
	case 'message':
		$profile->message($_GET["id"]);
		break;
	case 'send':
		$profile->send();
		break;
	case 'send_process':
		$profile->send_process();
		break;
}
?>